Fidelity Investments is now facing a proposed class action lawsuit following a data breach in August that exposed the personal information of over 77,000 customers. The lawsuit, filed in the U.S. District Court for the District of Massachusetts, alleges that the financial giant failed to properly safeguard customer data and delayed notifying those impacted by the breach, which occurred between August 17 and August 19.
According to Fidelity’s correspondence with affected customers, the breach involved an unidentified third party who gained access to sensitive data by creating two user accounts on August 19. The company stated that it "immediately took steps to terminate the access" once the breach was discovered.
Lead Plaintiffs Allege Security Failures and Delayed Notification
The lead plaintiffs, Seth and Yaakov Gluck from Spring Valley, New York, claim that hackers accessed sensitive personal information, including Social Security numbers, addresses, and financial details, through Fidelity’s systems. The lawsuit argues that Fidelity’s security protocols were insufficient to prevent the breach and that the company failed to detect it promptly.
While Fidelity identified the breach on August 19, the plaintiffs assert they were not informed until October 10—nearly two months later—following the firm's notification to the Maine Attorney General. The delay, according to the plaintiffs, increased their risk of identity theft and other financial harm.
The complaint states, “As a result of the data breach, the plaintiffs have suffered anxiety over the potential public exposure of their personal information, which they believed was protected from unauthorized access and disclosure.” It also highlights concerns over the possibility of unauthorized individuals accessing, selling, and using this information for identity theft or fraud.
Seeking Compensation and Injunctive Relief
The Glucks are seeking statutory damages, reimbursement of litigation expenses, attorney’s fees, and class action certification for all affected customers. The lawsuit notes that the total claims of the plaintiffs and other class members exceed $5,000,000, excluding interest and costs.
In addition to monetary compensation, the lawsuit seeks injunctive relief to force Fidelity to implement stronger security measures to protect customer data. It also aims to prevent the misuse of already compromised data to protect clients from identity theft.
Related: Blue Cross Blue Shield settles $2.8 billion US health provider class action